Web Application Scan

Scan Features

• Is there a way to check the domain whose communication has been blocked by Vex?
• Is it possible to scan to IP adress different from orijinal log?
• Is the scan duration affected when a scanning target includes a large number of paramerters?
• Is it possible to estimate the scan duration accurately?
• When a session is expired or logout from Vex while scanning, Does Vex scanning continue?
• How to acquire the "Scanning log"

See all 19 articles

Auto Crawler

• Only some URLs were detected by auto-crawling
• Is it possible to crawl websites using Basic authentication, Digest authentication, NTLM authentication, or client authentication
• What should be put in the "Unauthorized URL for crawling"?
• "The form does not exist" is displayed even if specifying the correct path in the "Log-in settings".
• Is there a way to hide javascript or style sheet logs on the view?
• What is the reason that target URL is in the Crawling excluded URL, and not displayed in the Crawling resul during auto-crawling?

See all 10 articles

Page Transition Diagram

• What is the upper limit number of nodes that can be displayed in the page transition diagram? Also, is it possible to raise the upper limit?
• How to fix the page transition diagram that is registered in unintended order.
• What Parameters can hand over with the "bulk setting" of the "page transition diagram"?
• Can the page transition diagram be created even if the scanning target website was a single page application?

Handler

• The difference between the Pre processor templates "Substitute list(with chain pre processor)" and "Mass Pre processor"
• What kind of scanning is "Auto setting" of "Extend Processor"?
• Is there any way to send an arbitrary value to the Xth parameter when the same parameter name exists?
• Setting method in case a parameter name changes dynamically.
• Is there a way to change the parameter value recorded to an arbitrary fixed value when scanning?

Scan Scenario

• Is it possible to scan the application if the user account will be lockout after the number of failed login attempts?
• How should scanning setup be done for websites where double login is prevented?

Payloads

• 【Important】Arrange the risk revel and vulnerability categories
• How to check the detail of signatures?
• How to obtain a signature list
• About each signature group's features and differences
• Is there a function to create a new signature?
• What is the difference in the signatures shown in gray font and blue font on the Web "Plan" page?

See all 11 articles

Scan Failure

• About the reason for occurrence and measures of "scenario recreate error"
• About the reason for occurrence and measures of "abnormally terminated scanning plan"
• Is it possible to check if the scan is success or failures?
• What does the "Matched rate" in the test access result represent?

Scan Result

• What is the gray scanning log on the scan result list?
• What is "Additional parameters" ?
• Is it false detection if "Cross-Site Scripting" is detected despite a pop-up (alert) is not displayed?
• A vulnerability of the product unused on the scanning site has been detected, is it false positive?
• How do I check the scanning results of all payloads of signatures that send multiple payloads?
• Correspondence between the vulnerability risk level and CVSS basic value

See all 7 articles